Read Another Program's Memory

What API should I use to read, say I want to read address 0048B960 of another program, how would I do this?

ReadProcessMemory API call...its explained well on msdn. Or you can see an example a few posts down in my thread.

Thanks for the info, one more thing. How do I get the handle to the process? Is that the process's hWnd?

hWnd is a window handle...

this link shows how to get process IDs from running processes.. you could trim it to just get it on a specific process.. since this code returns an array with the info on ALL running processes...
http://www.devx.com/vb2themax/Tip/19242

that code says it doesn't work on WinNT, which is what XP is based on, which is what I'm running. But I tried the code anyway, it detects a whole whopping five processes -- not at all what I'm looking for.

Quote:

---

Originally Posted by Disiance

that code says it doesn't work on WinNT, which is what XP is based on, which is what I'm running. But I tried the code anyway, it detects a whole whopping five processes -- not at all what I'm looking for.

---

I am not sure why the code isn't working... but I know what Windows XP is based on... if you want to get technical.. windows XP is based on windows 2000... which the example says it works with... (windows NT does not support many of the things 2000/XP have because they were merged with the windows 9x systems as of win2k...

I will see if I can't get the example to work

ok, and thanks for the help so far.

Another question on the ReadProcessMemory function. I currently have:

VB Code:

Dim Str As String
    ReadProcessMemory GetCurrentProcessId, &HFF, Str, 5, 0&
    MsgBox Str

Why does this return a blank string? I know the GetCurrentProcessID function is working, and I've tried changing the memory location to different values, even searched for a good location to read using WinHex.

what exactly is it you are trying to accomplish.. perhaps there is a better way to go about it.

I'm trying to pull some data from a program running on my computer for use in my program. I want to pull a caption from a label control that I know the memory address for.

Search the forum for that Cracker Challenge....... i know one of the solutions did this and it was explained what the person did and how they replaced a label through memory.

ice> That thread does not have anything in it except that it changed the memory, didn't give the code that changed the value.

ok, All I want to do is get the ReadProcessMemory to work. I have searched the forums, looked all over MSDN, done a google search, can't figure it out. I can find the process ID of the program I want to read easily enough, FindWindow and then convert the hWnd to processID. I just want to know how to get the ReadProcessMemory to work.

I honestly just did it in another thread but ok....

the return value for readprocessmemory is not actually what you want. it just returns 1 or 0 for succeed or fail. anyway... i would take out the actual function call to the getcurrentprocessid command and just save the value in a local variable. i realize this probably isn't it but use the KISS principle whenever possible. i then would get a better base address than &hff. I would bet your life that this address is not what you actually want. now whenever you read the actual process memory that will be virtual memory reading whereas your hex program might be reading actual memory locations. that is all i can think of... there is probably 2.2 million examples of doing what you want to in snippet form though...

This is what I've got:

VB Code:

Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
 
 
Private Sub Command1_Click()
    Dim pHandle As Long
    pHandle = OpenProcess(&H1F0FFF, False, GetCurrentProcessId)
    Dim buffer As String * 50
    Dim readlen As Long
    
    MsgBox ReadProcessMemory(pHandle, 255, buffer, 50, readlen)
    
    CloseHandle pHandle
End Sub

When I run that Windows says that the program has encountered an error and must be shut down. I've looked all over the 'net for code examples and such, from PSCode and other places like it, to just a plain google search on this.

what program do you want to change a caption on.. perhaps it can be done a different way using a combo of API calls like SetWindowText

SetWindowText only needs the WINDOW handle (hWnd) of the object you want to change text on... you could obtain that via findwindow and enumwindow api calls etc...

SetWindowText changes a windows titlebar.. but if its a control it changes the controls text (according to allapi.net)

Yes I could do it that way, but I'm intrigued with why this isn't working.

Actually I would love to know why also. I wrote a program that goes through a process and prints out all the strings in the stack. However the openProcess function is returning zero on some of the computers I have tried it on and works on others. HMMMMMMM>>>>!!!.....

What access are you requesting in GetCurrentProcessId?

Pretty sure it's full access,, "&H1F0FFF"
I know it is not returning 0 either.

Could you give me a copy of the code you used in your program? I believe I posted the code I'm using up there ^^^.

My openprocess command hasn't worked on a few XP machines already my post that has the code is in the thread "strings from memory"

Quote:

---

Originally Posted by Lyric8

My openprocess command hasn't worked on a few XP machines already my post that has the code is in the thread "strings from memory"

---

I ran that code yesterday, it worked for me.

Then ur done? copy paste job?

Quote:

---

Originally Posted by Lyric8

Then ur done? copy paste job?

---

No, the code I ran was yours which just got the ProcessID, that's the code which ran fine for me.

your looking at the wrong thread...that is why i gave you the exact title of it...

Ok, now I'm using the code:

VB Code:

Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
 
Public Function StrFromPtr(pHandle As Long, ByVal pStr As Long) As String
    Dim i As Long
    Dim x As String, result As String
    x = " "
    For i = 0& To 255&
    ' stop if not successful
    If ReadProcessMemory(pHandle, pStr + i, x, 1, 0&) = 0 Then Exit For
    ' end of string
    If Asc(x) = 0 Then Exit For
    result = result & x
    Next i
    StrFromPtr = result
End Function
 
 
Private Sub Command1_Click()
Dim pHandle As Long
pHandle = OpenProcess(&H1F0FFF, False, GetCurrentProcessId)
Dim buffer As String * 50
Dim readlen As Long
 
MsgBox ReadProcessMemory(pHandle, 255, buffer, 50, readlen)
 
CloseHandle pHandle
End Sub
 
Private Function ConvertNumberToString(number As Double) As String
    'converts number to string will be searched in memory
    
    If number < 256 Then ConvertNumberToString = Chr(number): Exit Function
    
    If number < 65536 Then
        ConvertNumberToString = Chr(number And 255) & Chr((number And 65280) / 256)
        Exit Function
    End If
    
    b4 = number And 255: number = Int(number / 256)
    b3 = number And 255: number = Int(number / 256)
    b2 = number And 255: number = Int(number / 256)
    b1 = number And 255: number = Int(number / 256)
    
    ConvertNumberToString = Chr(b4) & Chr(b3) & Chr(b2) & Chr(b1)
End Function

VB is still crashing when I run this.

Hi;

i have some quetions about how reading memory of a process..well, i have a program that help me to read all memory and change text of a proces textbox. but it isnot enough for me :) . i want to read only a specified process memory but i do not know how do i get starting and ending memory address of a specified process? could you help me?

Show us the code you're using to read the memory now and we'll be better able to help you.